CVE/vulnerability
Millions of WordPress Websites Vulnerable to Script Injection Due to Plugin Flaw
A critical security vulnerability in the Essential Addons for Elementor plugin, installed on over 2 million WordPress websites, has exposed sites to script injection attacks via malicious URL parameters.The flaw, tracked...
CVE/vulnerability
90,000 WordPress Sites Exposed to Local File Inclusion Attacks
A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025.The flaw...
cyber security
Arbitrary File Upload Vulnerability in WordPress Plugin Let Attackers Hack 30,000 Website
A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm, has intensified its cyber operations through a campaign dubbed BadPilot.This...
CVE/vulnerability
30,000 WordPress Sites Exposed to Exploitation via File Upload Vulnerability
A critical security vulnerability in the "Security & Malware scan by CleanTalk" plugin has left over 30,000 WordPress websites exposed to exploitation.The vulnerability, identified...
Cyber Security News
10,000 WordPress Websites Hacked to Distributing MacOS and Microsoft Malware
Over 10,000 WordPress websites have been hijacked to deliver malicious software targeting both macOS and Windows users.Researchers revealed this week how attackers leveraged vulnerabilities...
CVE/vulnerability
WordPress Plugin Vulnerability Exposes 23k+ Websites to Hacking
Researchers from Patchstack have warned that over 23,000 real estate websites using the popular RealHomes WordPress theme and its bundled Easy Real Estate plugin...
Cyber Crime
Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data
Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress database. On checkout pages, the...
Cyber Crime
New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data
Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas of legitimate payment gateways,...
CVE/vulnerability
200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability
A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which is installed on over 200,000 websites.The vulnerability, which...
CVE/vulnerability
4M+ WordPress Websites to Attacks, Following Plugin Vulnerability
A critical vulnerability has been discovered in the popular "Really Simple Security" WordPress plugin, formerly known as "Really Simple SSL," putting over 4 million...
Cyber Attack
ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites
Researchers have identified a new variant of the ClickFix fake browser update malware distributed through malicious WordPress plugins.These plugins, disguised as legitimate tools,...